diff options
| author | djm <> | 2006-05-04 14:19:08 +0000 |
|---|---|---|
| committer | djm <> | 2006-05-04 14:19:08 +0000 |
| commit | f9d2303788ae22bedb13da8c57c49011b74de60a (patch) | |
| tree | 153863b6979c54fe2c2bc1e1634af9cea8f6a655 /src/lib/libcrypto/dh/dh_key.c | |
| parent | 4fe079716cece1d7c5964785c0961d561af6eb70 (diff) | |
| download | openbsd-f9d2303788ae22bedb13da8c57c49011b74de60a.tar.gz openbsd-f9d2303788ae22bedb13da8c57c49011b74de60a.tar.bz2 openbsd-f9d2303788ae22bedb13da8c57c49011b74de60a.zip | |
backport checks for degenerate Diffie-Hellman public exponents from
OpenSSL-0.9.8a, where they were added without a corresponding patch to
0.9.7 or an advisory! ok theo@ markus@
Diffstat (limited to 'src/lib/libcrypto/dh/dh_key.c')
| -rw-r--r-- | src/lib/libcrypto/dh/dh_key.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/lib/libcrypto/dh/dh_key.c b/src/lib/libcrypto/dh/dh_key.c index ff125c2296..648766a6ec 100644 --- a/src/lib/libcrypto/dh/dh_key.c +++ b/src/lib/libcrypto/dh/dh_key.c | |||
| @@ -163,6 +163,7 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) | |||
| 163 | BN_MONT_CTX *mont; | 163 | BN_MONT_CTX *mont; |
| 164 | BIGNUM *tmp; | 164 | BIGNUM *tmp; |
| 165 | int ret= -1; | 165 | int ret= -1; |
| 166 | int check_result; | ||
| 166 | 167 | ||
| 167 | ctx = BN_CTX_new(); | 168 | ctx = BN_CTX_new(); |
| 168 | if (ctx == NULL) goto err; | 169 | if (ctx == NULL) goto err; |
| @@ -182,6 +183,12 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) | |||
| 182 | } | 183 | } |
| 183 | 184 | ||
| 184 | mont=(BN_MONT_CTX *)dh->method_mont_p; | 185 | mont=(BN_MONT_CTX *)dh->method_mont_p; |
| 186 | |||
| 187 | if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result) | ||
| 188 | { | ||
| 189 | DHerr(DH_F_DH_COMPUTE_KEY,DH_R_INVALID_PUBKEY); | ||
| 190 | goto err; | ||
| 191 | } | ||
| 185 | if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont)) | 192 | if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont)) |
| 186 | { | 193 | { |
| 187 | DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB); | 194 | DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB); |